Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why do I get "Splunk is not running" trying to run "list monitor" on my forwarder, and I can't stop splunk with error "Could not kill pid 379. [FAILED]"?

efrenette11
Path Finder
‎08-17-2015 11:54 AM

I can't list monitor my forwarder. I obtain "splunk is not running" even if the splunk status says it is running.

So I've tried to stop/start, but I can't do this either as I receive (Could not kill pid 379)

Any help ?

[splunk@app2.cort.jetdev2.syseng.tmcs ~]$ /opt/splunk/bin/splunk status
splunkd is running (PID: 379).
splunk helpers are running (PIDs: 381).
splunkweb is running (PID: 3091).
[splunk@app2.cort.jetdev2.syseng.tmcs ~]$ /opt/splunk/bin/splunk list monitor
Splunk is not running, and it must be for this operation. To start splunk, run "splunk start".
[splunk@app2.cort.jetdev2.syseng.tmcs ~]$ /opt/splunk/bin/splunk stop
                                                           [  OK  ]
Stopping splunkweb...Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
Could not kill pid 379.                                    [FAILED]
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

efrenette11
Path Finder
‎08-18-2015 05:25 AM

Ok I found this :

By removing the pid, it's working now.
splunkforwarder/var/run/splunk/splunkd.pid

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

efrenette11
Path Finder
‎08-18-2015 05:25 AM

Ok I found this :

By removing the pid, it's working now.
splunkforwarder/var/run/splunk/splunkd.pid

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-17-2015 12:54 PM

Try something like this

 pkill splunk
 service splunk start
0 Karma
Reply
Solved! Jump to solution

efrenette11
Path Finder
‎08-18-2015 05:11 AM

Tks for the help but this does not works. Any other's idea ?

0 Karma
Reply
Solved! Jump to solution

efrenette11
Path Finder
‎08-17-2015 12:00 PM

Also, here's what I have a splunk process running.

[tmweb@app2.cort.jetdev2.syseng.tmcs ~]$ ps aux | grep splunk
tmweb     4044  0.0  0.0  61184   792 pts/0    S+   11:59   0:00 grep splunk
root      5969  0.0  0.0   8696  1200 ?        Ss   Aug16   0:00 /bin/bash -c sleep $(( $RANDOM * 86400 / 32767 )); [ -x /app/shared/bin/splunk_cfg_backup.sh ] && /app/shared/bin/splunk_cfg_backup.sh
[tmweb@app2.cort.jetdev2.syseng.tmcs ~]$
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...